payload-plugin-newsletter 0.3.2 → 0.4.5

package/dist/src/endpoints/preferences.js

@@ -1,136 +0,0 @@
-import { verifySessionToken } from '../utils/jwt';
-export const createPreferencesEndpoint = (config)=>{
-    return {
-        path: '/newsletter/preferences',
-        method: 'get',
-        handler: async (req, res)=>{
-            try {
-                // Get token from Authorization header
-                const authHeader = req.headers.authorization;
-                if (!authHeader || !authHeader.startsWith('Bearer ')) {
-                    return res.status(401).json({
-                        success: false,
-                        error: 'Authorization required'
-                    });
-                }
-                const token = authHeader.substring(7);
-                // Verify session token
-                let payload;
-                try {
-                    payload = verifySessionToken(token);
-                } catch (error) {
-                    return res.status(401).json({
-                        success: false,
-                        error: error instanceof Error ? error.message : 'Invalid token'
-                    });
-                }
-                // Get subscriber - use synthetic user to ensure access control
-                const subscriber = await req.payload.findByID({
-                    collection: config.subscribersSlug || 'subscribers',
-                    id: payload.subscriberId,
-                    overrideAccess: false,
-                    user: {
-                        collection: 'subscribers',
-                        id: payload.subscriberId,
-                        email: payload.email
-                    }
-                });
-                if (!subscriber) {
-                    return res.status(404).json({
-                        success: false,
-                        error: 'Subscriber not found'
-                    });
-                }
-                res.json({
-                    success: true,
-                    subscriber: {
-                        id: subscriber.id,
-                        email: subscriber.email,
-                        name: subscriber.name,
-                        locale: subscriber.locale,
-                        emailPreferences: subscriber.emailPreferences,
-                        subscriptionStatus: subscriber.subscriptionStatus
-                    }
-                });
-            } catch (error) {
-                console.error('Get preferences error:', error);
-                res.status(500).json({
-                    success: false,
-                    error: 'Failed to get preferences'
-                });
-            }
-        }
-    };
-};
-export const createUpdatePreferencesEndpoint = (config)=>{
-    return {
-        path: '/newsletter/preferences',
-        method: 'post',
-        handler: async (req, res)=>{
-            try {
-                // Get token from Authorization header
-                const authHeader = req.headers.authorization;
-                if (!authHeader || !authHeader.startsWith('Bearer ')) {
-                    return res.status(401).json({
-                        success: false,
-                        error: 'Authorization required'
-                    });
-                }
-                const token = authHeader.substring(7);
-                // Verify session token
-                let payload;
-                try {
-                    payload = verifySessionToken(token);
-                } catch (error) {
-                    return res.status(401).json({
-                        success: false,
-                        error: error instanceof Error ? error.message : 'Invalid token'
-                    });
-                }
-                const { name, locale, emailPreferences } = req.body;
-                // Prepare update data
-                const updateData = {};
-                if (name !== undefined) {
-                    updateData.name = name;
-                }
-                if (locale !== undefined) {
-                    updateData.locale = locale;
-                }
-                if (emailPreferences !== undefined) {
-                    updateData.emailPreferences = emailPreferences;
-                }
-                // Update subscriber - use synthetic user to ensure only updating own data
-                const subscriber = await req.payload.update({
-                    collection: config.subscribersSlug || 'subscribers',
-                    id: payload.subscriberId,
-                    data: updateData,
-                    overrideAccess: false,
-                    user: {
-                        collection: 'subscribers',
-                        id: payload.subscriberId,
-                        email: payload.email
-                    }
-                });
-                res.json({
-                    success: true,
-                    subscriber: {
-                        id: subscriber.id,
-                        email: subscriber.email,
-                        name: subscriber.name,
-                        locale: subscriber.locale,
-                        emailPreferences: subscriber.emailPreferences,
-                        subscriptionStatus: subscriber.subscriptionStatus
-                    }
-                });
-            } catch (error) {
-                console.error('Update preferences error:', error);
-                res.status(500).json({
-                    success: false,
-                    error: 'Failed to update preferences'
-                });
-            }
-        }
-    };
-};
-
-//# sourceMappingURL=preferences.js.map

package/dist/src/endpoints/preferences.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/endpoints/preferences.ts"],"sourcesContent":["import type { Endpoint, PayloadHandler } from 'payload'\nimport type { NewsletterPluginConfig } from '../types'\nimport { verifySessionToken } from '../utils/jwt'\n\nexport const createPreferencesEndpoint = (\n  config: NewsletterPluginConfig\n): Endpoint => {\n  return {\n    path: '/newsletter/preferences',\n    method: 'get',\n    handler: (async (req: any, res: any) => {\n      try {\n        // Get token from Authorization header\n        const authHeader = req.headers.authorization\n        if (!authHeader || !authHeader.startsWith('Bearer ')) {\n          return res.status(401).json({\n            success: false,\n            error: 'Authorization required',\n          })\n        }\n\n        const token = authHeader.substring(7)\n\n        // Verify session token\n        let payload\n        try {\n          payload = verifySessionToken(token)\n        } catch (error: unknown) {\n          return res.status(401).json({\n            success: false,\n            error: error instanceof Error ? error.message : 'Invalid token',\n          })\n        }\n\n        // Get subscriber - use synthetic user to ensure access control\n        const subscriber = await req.payload.findByID({\n          collection: config.subscribersSlug || 'subscribers',\n          id: payload.subscriberId,\n          overrideAccess: false,\n          user: {\n            collection: 'subscribers',\n            id: payload.subscriberId,\n            email: payload.email,\n          },\n        })\n\n        if (!subscriber) {\n          return res.status(404).json({\n            success: false,\n            error: 'Subscriber not found',\n          })\n        }\n\n        res.json({\n          success: true,\n          subscriber: {\n            id: subscriber.id,\n            email: subscriber.email,\n            name: subscriber.name,\n            locale: subscriber.locale,\n            emailPreferences: subscriber.emailPreferences,\n            subscriptionStatus: subscriber.subscriptionStatus,\n          },\n        })\n      } catch (error: unknown) {\n        console.error('Get preferences error:', error)\n        res.status(500).json({\n          success: false,\n          error: 'Failed to get preferences',\n        })\n      }\n    }) as PayloadHandler,\n  }\n}\n\nexport const createUpdatePreferencesEndpoint = (\n  config: NewsletterPluginConfig\n): Endpoint => {\n  return {\n    path: '/newsletter/preferences',\n    method: 'post',\n    handler: (async (req: any, res: any) => {\n      try {\n        // Get token from Authorization header\n        const authHeader = req.headers.authorization\n        if (!authHeader || !authHeader.startsWith('Bearer ')) {\n          return res.status(401).json({\n            success: false,\n            error: 'Authorization required',\n          })\n        }\n\n        const token = authHeader.substring(7)\n\n        // Verify session token\n        let payload\n        try {\n          payload = verifySessionToken(token)\n        } catch (error: unknown) {\n          return res.status(401).json({\n            success: false,\n            error: error instanceof Error ? error.message : 'Invalid token',\n          })\n        }\n\n        const { name, locale, emailPreferences } = req.body\n\n        // Prepare update data\n        const updateData: any = {}\n        \n        if (name !== undefined) {\n          updateData.name = name\n        }\n        \n        if (locale !== undefined) {\n          updateData.locale = locale\n        }\n        \n        if (emailPreferences !== undefined) {\n          updateData.emailPreferences = emailPreferences\n        }\n\n        // Update subscriber - use synthetic user to ensure only updating own data\n        const subscriber = await req.payload.update({\n          collection: config.subscribersSlug || 'subscribers',\n          id: payload.subscriberId,\n          data: updateData,\n          overrideAccess: false,\n          user: {\n            collection: 'subscribers',\n            id: payload.subscriberId,\n            email: payload.email,\n          },\n        })\n\n        res.json({\n          success: true,\n          subscriber: {\n            id: subscriber.id,\n            email: subscriber.email,\n            name: subscriber.name,\n            locale: subscriber.locale,\n            emailPreferences: subscriber.emailPreferences,\n            subscriptionStatus: subscriber.subscriptionStatus,\n          },\n        })\n      } catch (error: unknown) {\n        console.error('Update preferences error:', error)\n        res.status(500).json({\n          success: false,\n          error: 'Failed to update preferences',\n        })\n      }\n    }) as PayloadHandler,\n  }\n}"],"names":["verifySessionToken","createPreferencesEndpoint","config","path","method","handler","req","res","authHeader","headers","authorization","startsWith","status","json","success","error","token","substring","payload","Error","message","subscriber","findByID","collection","subscribersSlug","id","subscriberId","overrideAccess","user","email","name","locale","emailPreferences","subscriptionStatus","console","createUpdatePreferencesEndpoint","body","updateData","undefined","update","data"],"mappings":"AAEA,SAASA,kBAAkB,QAAQ,eAAc;AAEjD,OAAO,MAAMC,4BAA4B,CACvCC;IAEA,OAAO;QACLC,MAAM;QACNC,QAAQ;QACRC,SAAU,OAAOC,KAAUC;YACzB,IAAI;gBACF,sCAAsC;gBACtC,MAAMC,aAAaF,IAAIG,OAAO,CAACC,aAAa;gBAC5C,IAAI,CAACF,cAAc,CAACA,WAAWG,UAAU,CAAC,YAAY;oBACpD,OAAOJ,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,MAAMC,QAAQR,WAAWS,SAAS,CAAC;gBAEnC,uBAAuB;gBACvB,IAAIC;gBACJ,IAAI;oBACFA,UAAUlB,mBAAmBgB;gBAC/B,EAAE,OAAOD,OAAgB;oBACvB,OAAOR,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAOA,iBAAiBI,QAAQJ,MAAMK,OAAO,GAAG;oBAClD;gBACF;gBAEA,+DAA+D;gBAC/D,MAAMC,aAAa,MAAMf,IAAIY,OAAO,CAACI,QAAQ,CAAC;oBAC5CC,YAAYrB,OAAOsB,eAAe,IAAI;oBACtCC,IAAIP,QAAQQ,YAAY;oBACxBC,gBAAgB;oBAChBC,MAAM;wBACJL,YAAY;wBACZE,IAAIP,QAAQQ,YAAY;wBACxBG,OAAOX,QAAQW,KAAK;oBACtB;gBACF;gBAEA,IAAI,CAACR,YAAY;oBACf,OAAOd,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEAR,IAAIM,IAAI,CAAC;oBACPC,SAAS;oBACTO,YAAY;wBACVI,IAAIJ,WAAWI,EAAE;wBACjBI,OAAOR,WAAWQ,KAAK;wBACvBC,MAAMT,WAAWS,IAAI;wBACrBC,QAAQV,WAAWU,MAAM;wBACzBC,kBAAkBX,WAAWW,gBAAgB;wBAC7CC,oBAAoBZ,WAAWY,kBAAkB;oBACnD;gBACF;YACF,EAAE,OAAOlB,OAAgB;gBACvBmB,QAAQnB,KAAK,CAAC,0BAA0BA;gBACxCR,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBC,SAAS;oBACTC,OAAO;gBACT;YACF;QACF;IACF;AACF,EAAC;AAED,OAAO,MAAMoB,kCAAkC,CAC7CjC;IAEA,OAAO;QACLC,MAAM;QACNC,QAAQ;QACRC,SAAU,OAAOC,KAAUC;YACzB,IAAI;gBACF,sCAAsC;gBACtC,MAAMC,aAAaF,IAAIG,OAAO,CAACC,aAAa;gBAC5C,IAAI,CAACF,cAAc,CAACA,WAAWG,UAAU,CAAC,YAAY;oBACpD,OAAOJ,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,MAAMC,QAAQR,WAAWS,SAAS,CAAC;gBAEnC,uBAAuB;gBACvB,IAAIC;gBACJ,IAAI;oBACFA,UAAUlB,mBAAmBgB;gBAC/B,EAAE,OAAOD,OAAgB;oBACvB,OAAOR,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAOA,iBAAiBI,QAAQJ,MAAMK,OAAO,GAAG;oBAClD;gBACF;gBAEA,MAAM,EAAEU,IAAI,EAAEC,MAAM,EAAEC,gBAAgB,EAAE,GAAG1B,IAAI8B,IAAI;gBAEnD,sBAAsB;gBACtB,MAAMC,aAAkB,CAAC;gBAEzB,IAAIP,SAASQ,WAAW;oBACtBD,WAAWP,IAAI,GAAGA;gBACpB;gBAEA,IAAIC,WAAWO,WAAW;oBACxBD,WAAWN,MAAM,GAAGA;gBACtB;gBAEA,IAAIC,qBAAqBM,WAAW;oBAClCD,WAAWL,gBAAgB,GAAGA;gBAChC;gBAEA,0EAA0E;gBAC1E,MAAMX,aAAa,MAAMf,IAAIY,OAAO,CAACqB,MAAM,CAAC;oBAC1ChB,YAAYrB,OAAOsB,eAAe,IAAI;oBACtCC,IAAIP,QAAQQ,YAAY;oBACxBc,MAAMH;oBACNV,gBAAgB;oBAChBC,MAAM;wBACJL,YAAY;wBACZE,IAAIP,QAAQQ,YAAY;wBACxBG,OAAOX,QAAQW,KAAK;oBACtB;gBACF;gBAEAtB,IAAIM,IAAI,CAAC;oBACPC,SAAS;oBACTO,YAAY;wBACVI,IAAIJ,WAAWI,EAAE;wBACjBI,OAAOR,WAAWQ,KAAK;wBACvBC,MAAMT,WAAWS,IAAI;wBACrBC,QAAQV,WAAWU,MAAM;wBACzBC,kBAAkBX,WAAWW,gBAAgB;wBAC7CC,oBAAoBZ,WAAWY,kBAAkB;oBACnD;gBACF;YACF,EAAE,OAAOlB,OAAgB;gBACvBmB,QAAQnB,KAAK,CAAC,6BAA6BA;gBAC3CR,IAAIK,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBC,SAAS;oBACTC,OAAO;gBACT;YACF;QACF;IACF;AACF,EAAC"}

package/dist/src/endpoints/subscribe.js

@@ -1,151 +0,0 @@
-import { isDomainAllowed, sanitizeInput, validateSubscriberData, extractUTMParams } from '../utils/validation';
-export const createSubscribeEndpoint = (config)=>{
-    return {
-        path: '/newsletter/subscribe',
-        method: 'post',
-        handler: async (req, res)=>{
-            try {
-                const { email, name, source, preferences, leadMagnet, surveyResponses, metadata = {} } = req.body;
-                // Validate input
-                const validation = validateSubscriberData({
-                    email,
-                    name,
-                    source
-                });
-                if (!validation.valid) {
-                    return res.status(400).json({
-                        success: false,
-                        errors: validation.errors
-                    });
-                }
-                // Check domain restrictions from active settings
-                // Settings are public info needed for validation, but we can still respect access control
-                const settingsResult = await req.payload.find({
-                    collection: config.settingsSlug || 'newsletter-settings',
-                    where: {
-                        active: {
-                            equals: true
-                        }
-                    },
-                    limit: 1,
-                    overrideAccess: false
-                });
-                const settings = settingsResult.docs[0];
-                const allowedDomains = settings?.allowedDomains?.map((d)=>d.domain) || [];
-                if (!isDomainAllowed(email, allowedDomains)) {
-                    return res.status(400).json({
-                        success: false,
-                        error: 'Email domain not allowed'
-                    });
-                }
-                // Check if already subscribed
-                // This needs admin access to check for existing email
-                const existing = await req.payload.find({
-                    collection: config.subscribersSlug || 'subscribers',
-                    where: {
-                        email: {
-                            equals: email.toLowerCase()
-                        }
-                    }
-                });
-                if (existing.docs.length > 0) {
-                    const subscriber = existing.docs[0];
-                    // If unsubscribed, don't allow resubscription via API
-                    if (subscriber.subscriptionStatus === 'unsubscribed') {
-                        return res.status(400).json({
-                            success: false,
-                            error: 'This email has been unsubscribed. Please contact support to resubscribe.'
-                        });
-                    }
-                    return res.status(400).json({
-                        success: false,
-                        error: 'Already subscribed',
-                        subscriber: {
-                            id: subscriber.id,
-                            email: subscriber.email,
-                            subscriptionStatus: subscriber.subscriptionStatus
-                        }
-                    });
-                }
-                // Check IP rate limiting
-                const ipAddress = req.ip || req.connection.remoteAddress;
-                const maxPerIP = settings?.maxSubscribersPerIP || 10;
-                const ipSubscribers = await req.payload.find({
-                    collection: config.subscribersSlug || 'subscribers',
-                    where: {
-                        'signupMetadata.ipAddress': {
-                            equals: ipAddress
-                        }
-                    }
-                });
-                if (ipSubscribers.docs.length >= maxPerIP) {
-                    return res.status(429).json({
-                        success: false,
-                        error: 'Too many subscriptions from this IP address'
-                    });
-                }
-                // Extract UTM parameters
-                const referer = req.headers.referer || req.headers.referrer || '';
-                const utmParams = extractUTMParams(new URL(referer).searchParams);
-                // Prepare subscriber data
-                const subscriberData = {
-                    email: email.toLowerCase(),
-                    name: name ? sanitizeInput(name) : undefined,
-                    locale: metadata.locale || config.i18n?.defaultLocale || 'en',
-                    subscriptionStatus: settings?.requireDoubleOptIn ? 'pending' : 'active',
-                    source: source || 'api',
-                    emailPreferences: {
-                        newsletter: true,
-                        announcements: true,
-                        ...preferences || {}
-                    },
-                    signupMetadata: {
-                        ipAddress,
-                        userAgent: req.headers['user-agent'],
-                        referrer: referer,
-                        signupPage: metadata.signupPage || referer
-                    }
-                };
-                // Add UTM parameters if tracking is enabled
-                if (config.features?.utmTracking?.enabled && Object.keys(utmParams).length > 0) {
-                    subscriberData.utmParameters = utmParams;
-                }
-                // Add lead magnet if provided
-                if (config.features?.leadMagnets?.enabled && leadMagnet) {
-                    subscriberData.leadMagnet = leadMagnet;
-                }
-                // Create subscriber
-                // Public endpoint needs to create subscribers
-                const subscriber = await req.payload.create({
-                    collection: config.subscribersSlug || 'subscribers',
-                    data: subscriberData
-                });
-                // Handle survey responses if provided
-                if (config.features?.surveys?.enabled && surveyResponses) {
-                // TODO: Store survey responses
-                }
-                // Send confirmation email if double opt-in
-                if (settings?.requireDoubleOptIn) {
-                // TODO: Send confirmation email with magic link
-                }
-                res.json({
-                    success: true,
-                    subscriber: {
-                        id: subscriber.id,
-                        email: subscriber.email,
-                        subscriptionStatus: subscriber.subscriptionStatus
-                    },
-                    message: settings?.requireDoubleOptIn ? 'Please check your email to confirm your subscription' : 'Successfully subscribed'
-                });
-            } catch (error) {
-                console.error('Subscribe endpoint error:', error);
-                res.status(500).json({
-                    success: false,
-                    error: 'Failed to subscribe. Please try again.'
-                });
-            }
-        }
-    };
-};
-
-//# sourceMappingURL=subscribe.js.map

package/dist/src/endpoints/subscribe.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/endpoints/subscribe.ts"],"sourcesContent":["import type { Endpoint, PayloadHandler } from 'payload'\nimport type { NewsletterPluginConfig } from '../types'\nimport { \n  isDomainAllowed, \n  sanitizeInput, \n  validateSubscriberData,\n  extractUTMParams \n} from '../utils/validation'\n\nexport const createSubscribeEndpoint = (\n  config: NewsletterPluginConfig\n): Endpoint => {\n  return {\n    path: '/newsletter/subscribe',\n    method: 'post',\n    handler: (async (req: any, res: any) => {\n      try {\n        const { \n          email, \n          name, \n          source,\n          preferences,\n          leadMagnet,\n          surveyResponses,\n          metadata = {}\n        } = req.body\n\n        // Validate input\n        const validation = validateSubscriberData({ email, name, source })\n        if (!validation.valid) {\n          return res.status(400).json({\n            success: false,\n            errors: validation.errors,\n          })\n        }\n\n        // Check domain restrictions from active settings\n        // Settings are public info needed for validation, but we can still respect access control\n        const settingsResult = await req.payload.find({\n          collection: config.settingsSlug || 'newsletter-settings',\n          where: {\n            active: {\n              equals: true,\n            },\n          },\n          limit: 1,\n          overrideAccess: false,\n          // No user context for public endpoint\n        })\n        \n        const settings = settingsResult.docs[0]\n\n        const allowedDomains = settings?.allowedDomains?.map((d: any) => d.domain) || []\n        if (!isDomainAllowed(email, allowedDomains)) {\n          return res.status(400).json({\n            success: false,\n            error: 'Email domain not allowed',\n          })\n        }\n\n        // Check if already subscribed\n        // This needs admin access to check for existing email\n        const existing = await req.payload.find({\n          collection: config.subscribersSlug || 'subscribers',\n          where: {\n            email: {\n              equals: email.toLowerCase(),\n            },\n          },\n          // Keep overrideAccess: true for public subscription check\n        })\n\n        if (existing.docs.length > 0) {\n          const subscriber = existing.docs[0]\n          \n          // If unsubscribed, don't allow resubscription via API\n          if (subscriber.subscriptionStatus === 'unsubscribed') {\n            return res.status(400).json({\n              success: false,\n              error: 'This email has been unsubscribed. Please contact support to resubscribe.',\n            })\n          }\n\n          return res.status(400).json({\n            success: false,\n            error: 'Already subscribed',\n            subscriber: {\n              id: subscriber.id,\n              email: subscriber.email,\n              subscriptionStatus: subscriber.subscriptionStatus,\n            },\n          })\n        }\n\n        // Check IP rate limiting\n        const ipAddress = req.ip || req.connection.remoteAddress\n        const maxPerIP = settings?.maxSubscribersPerIP || 10\n\n        const ipSubscribers = await req.payload.find({\n          collection: config.subscribersSlug || 'subscribers',\n          where: {\n            'signupMetadata.ipAddress': {\n              equals: ipAddress,\n            },\n          },\n          // Keep overrideAccess: true for rate limiting check\n        })\n\n        if (ipSubscribers.docs.length >= maxPerIP) {\n          return res.status(429).json({\n            success: false,\n            error: 'Too many subscriptions from this IP address',\n          })\n        }\n\n        // Extract UTM parameters\n        const referer = req.headers.referer || req.headers.referrer || ''\n        const utmParams = extractUTMParams(new URL(referer).searchParams)\n\n        // Prepare subscriber data\n        const subscriberData: any = {\n          email: email.toLowerCase(),\n          name: name ? sanitizeInput(name) : undefined,\n          locale: metadata.locale || config.i18n?.defaultLocale || 'en',\n          subscriptionStatus: settings?.requireDoubleOptIn ? 'pending' : 'active',\n          source: source || 'api',\n          emailPreferences: {\n            newsletter: true,\n            announcements: true,\n            ...(preferences || {}),\n          },\n          signupMetadata: {\n            ipAddress,\n            userAgent: req.headers['user-agent'],\n            referrer: referer,\n            signupPage: metadata.signupPage || referer,\n          },\n        }\n\n        // Add UTM parameters if tracking is enabled\n        if (config.features?.utmTracking?.enabled && Object.keys(utmParams).length > 0) {\n          subscriberData.utmParameters = utmParams\n        }\n\n        // Add lead magnet if provided\n        if (config.features?.leadMagnets?.enabled && leadMagnet) {\n          subscriberData.leadMagnet = leadMagnet\n        }\n\n        // Create subscriber\n        // Public endpoint needs to create subscribers\n        const subscriber = await req.payload.create({\n          collection: config.subscribersSlug || 'subscribers',\n          data: subscriberData,\n          // Keep overrideAccess: true for public subscription\n        })\n\n        // Handle survey responses if provided\n        if (config.features?.surveys?.enabled && surveyResponses) {\n          // TODO: Store survey responses\n        }\n\n        // Send confirmation email if double opt-in\n        if (settings?.requireDoubleOptIn) {\n          // TODO: Send confirmation email with magic link\n        }\n\n        res.json({\n          success: true,\n          subscriber: {\n            id: subscriber.id,\n            email: subscriber.email,\n            subscriptionStatus: subscriber.subscriptionStatus,\n          },\n          message: settings?.requireDoubleOptIn \n            ? 'Please check your email to confirm your subscription'\n            : 'Successfully subscribed',\n        })\n      } catch (error) {\n        console.error('Subscribe endpoint error:', error)\n        res.status(500).json({\n          success: false,\n          error: 'Failed to subscribe. Please try again.',\n        })\n      }\n    }) as PayloadHandler,\n  }\n}"],"names":["isDomainAllowed","sanitizeInput","validateSubscriberData","extractUTMParams","createSubscribeEndpoint","config","path","method","handler","req","res","email","name","source","preferences","leadMagnet","surveyResponses","metadata","body","validation","valid","status","json","success","errors","settingsResult","payload","find","collection","settingsSlug","where","active","equals","limit","overrideAccess","settings","docs","allowedDomains","map","d","domain","error","existing","subscribersSlug","toLowerCase","length","subscriber","subscriptionStatus","id","ipAddress","ip","connection","remoteAddress","maxPerIP","maxSubscribersPerIP","ipSubscribers","referer","headers","referrer","utmParams","URL","searchParams","subscriberData","undefined","locale","i18n","defaultLocale","requireDoubleOptIn","emailPreferences","newsletter","announcements","signupMetadata","userAgent","signupPage","features","utmTracking","enabled","Object","keys","utmParameters","leadMagnets","create","data","surveys","message","console"],"mappings":"AAEA,SACEA,eAAe,EACfC,aAAa,EACbC,sBAAsB,EACtBC,gBAAgB,QACX,sBAAqB;AAE5B,OAAO,MAAMC,0BAA0B,CACrCC;IAEA,OAAO;QACLC,MAAM;QACNC,QAAQ;QACRC,SAAU,OAAOC,KAAUC;YACzB,IAAI;gBACF,MAAM,EACJC,KAAK,EACLC,IAAI,EACJC,MAAM,EACNC,WAAW,EACXC,UAAU,EACVC,eAAe,EACfC,WAAW,CAAC,CAAC,EACd,GAAGR,IAAIS,IAAI;gBAEZ,iBAAiB;gBACjB,MAAMC,aAAajB,uBAAuB;oBAAES;oBAAOC;oBAAMC;gBAAO;gBAChE,IAAI,CAACM,WAAWC,KAAK,EAAE;oBACrB,OAAOV,IAAIW,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,QAAQL,WAAWK,MAAM;oBAC3B;gBACF;gBAEA,iDAAiD;gBACjD,0FAA0F;gBAC1F,MAAMC,iBAAiB,MAAMhB,IAAIiB,OAAO,CAACC,IAAI,CAAC;oBAC5CC,YAAYvB,OAAOwB,YAAY,IAAI;oBACnCC,OAAO;wBACLC,QAAQ;4BACNC,QAAQ;wBACV;oBACF;oBACAC,OAAO;oBACPC,gBAAgB;gBAElB;gBAEA,MAAMC,WAAWV,eAAeW,IAAI,CAAC,EAAE;gBAEvC,MAAMC,iBAAiBF,UAAUE,gBAAgBC,IAAI,CAACC,IAAWA,EAAEC,MAAM,KAAK,EAAE;gBAChF,IAAI,CAACxC,gBAAgBW,OAAO0B,iBAAiB;oBAC3C,OAAO3B,IAAIW,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTkB,OAAO;oBACT;gBACF;gBAEA,8BAA8B;gBAC9B,sDAAsD;gBACtD,MAAMC,WAAW,MAAMjC,IAAIiB,OAAO,CAACC,IAAI,CAAC;oBACtCC,YAAYvB,OAAOsC,eAAe,IAAI;oBACtCb,OAAO;wBACLnB,OAAO;4BACLqB,QAAQrB,MAAMiC,WAAW;wBAC3B;oBACF;gBAEF;gBAEA,IAAIF,SAASN,IAAI,CAACS,MAAM,GAAG,GAAG;oBAC5B,MAAMC,aAAaJ,SAASN,IAAI,CAAC,EAAE;oBAEnC,sDAAsD;oBACtD,IAAIU,WAAWC,kBAAkB,KAAK,gBAAgB;wBACpD,OAAOrC,IAAIW,MAAM,CAAC,KAAKC,IAAI,CAAC;4BAC1BC,SAAS;4BACTkB,OAAO;wBACT;oBACF;oBAEA,OAAO/B,IAAIW,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTkB,OAAO;wBACPK,YAAY;4BACVE,IAAIF,WAAWE,EAAE;4BACjBrC,OAAOmC,WAAWnC,KAAK;4BACvBoC,oBAAoBD,WAAWC,kBAAkB;wBACnD;oBACF;gBACF;gBAEA,yBAAyB;gBACzB,MAAME,YAAYxC,IAAIyC,EAAE,IAAIzC,IAAI0C,UAAU,CAACC,aAAa;gBACxD,MAAMC,WAAWlB,UAAUmB,uBAAuB;gBAElD,MAAMC,gBAAgB,MAAM9C,IAAIiB,OAAO,CAACC,IAAI,CAAC;oBAC3CC,YAAYvB,OAAOsC,eAAe,IAAI;oBACtCb,OAAO;wBACL,4BAA4B;4BAC1BE,QAAQiB;wBACV;oBACF;gBAEF;gBAEA,IAAIM,cAAcnB,IAAI,CAACS,MAAM,IAAIQ,UAAU;oBACzC,OAAO3C,IAAIW,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTkB,OAAO;oBACT;gBACF;gBAEA,yBAAyB;gBACzB,MAAMe,UAAU/C,IAAIgD,OAAO,CAACD,OAAO,IAAI/C,IAAIgD,OAAO,CAACC,QAAQ,IAAI;gBAC/D,MAAMC,YAAYxD,iBAAiB,IAAIyD,IAAIJ,SAASK,YAAY;gBAEhE,0BAA0B;gBAC1B,MAAMC,iBAAsB;oBAC1BnD,OAAOA,MAAMiC,WAAW;oBACxBhC,MAAMA,OAAOX,cAAcW,QAAQmD;oBACnCC,QAAQ/C,SAAS+C,MAAM,IAAI3D,OAAO4D,IAAI,EAAEC,iBAAiB;oBACzDnB,oBAAoBZ,UAAUgC,qBAAqB,YAAY;oBAC/DtD,QAAQA,UAAU;oBAClBuD,kBAAkB;wBAChBC,YAAY;wBACZC,eAAe;wBACf,GAAIxD,eAAe,CAAC,CAAC;oBACvB;oBACAyD,gBAAgB;wBACdtB;wBACAuB,WAAW/D,IAAIgD,OAAO,CAAC,aAAa;wBACpCC,UAAUF;wBACViB,YAAYxD,SAASwD,UAAU,IAAIjB;oBACrC;gBACF;gBAEA,4CAA4C;gBAC5C,IAAInD,OAAOqE,QAAQ,EAAEC,aAAaC,WAAWC,OAAOC,IAAI,CAACnB,WAAWd,MAAM,GAAG,GAAG;oBAC9EiB,eAAeiB,aAAa,GAAGpB;gBACjC;gBAEA,8BAA8B;gBAC9B,IAAItD,OAAOqE,QAAQ,EAAEM,aAAaJ,WAAW7D,YAAY;oBACvD+C,eAAe/C,UAAU,GAAGA;gBAC9B;gBAEA,oBAAoB;gBACpB,8CAA8C;gBAC9C,MAAM+B,aAAa,MAAMrC,IAAIiB,OAAO,CAACuD,MAAM,CAAC;oBAC1CrD,YAAYvB,OAAOsC,eAAe,IAAI;oBACtCuC,MAAMpB;gBAER;gBAEA,sCAAsC;gBACtC,IAAIzD,OAAOqE,QAAQ,EAAES,SAASP,WAAW5D,iBAAiB;gBACxD,+BAA+B;gBACjC;gBAEA,2CAA2C;gBAC3C,IAAImB,UAAUgC,oBAAoB;gBAChC,gDAAgD;gBAClD;gBAEAzD,IAAIY,IAAI,CAAC;oBACPC,SAAS;oBACTuB,YAAY;wBACVE,IAAIF,WAAWE,EAAE;wBACjBrC,OAAOmC,WAAWnC,KAAK;wBACvBoC,oBAAoBD,WAAWC,kBAAkB;oBACnD;oBACAqC,SAASjD,UAAUgC,qBACf,yDACA;gBACN;YACF,EAAE,OAAO1B,OAAO;gBACd4C,QAAQ5C,KAAK,CAAC,6BAA6BA;gBAC3C/B,IAAIW,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBC,SAAS;oBACTkB,OAAO;gBACT;YACF;QACF;IACF;AACF,EAAC"}

package/dist/src/endpoints/unsubscribe.js

@@ -1,105 +0,0 @@
-import { isValidEmail } from '../utils/validation';
-export const createUnsubscribeEndpoint = (config)=>{
-    return {
-        path: '/newsletter/unsubscribe',
-        method: 'post',
-        handler: async (req, res)=>{
-            try {
-                const { email, token } = req.body;
-                // Two methods: email or token
-                if (!email && !token) {
-                    return res.status(400).json({
-                        success: false,
-                        error: 'Email or token is required'
-                    });
-                }
-                let subscriber;
-                if (token) {
-                    // Token-based unsubscribe (from email link)
-                    try {
-                        const jwt = await import('jsonwebtoken');
-                        const payload = jwt.verify(token, process.env.JWT_SECRET || process.env.PAYLOAD_SECRET || '');
-                        if (payload.type !== 'unsubscribe') {
-                            throw new Error('Invalid token type');
-                        }
-                        // Token verified, so we can look up the subscriber
-                        // Using overrideAccess: true here is OK since we verified the token
-                        subscriber = await req.payload.findByID({
-                            collection: config.subscribersSlug || 'subscribers',
-                            id: payload.subscriberId
-                        });
-                    } catch  {
-                        return res.status(401).json({
-                            success: false,
-                            error: 'Invalid or expired unsubscribe link'
-                        });
-                    }
-                } else {
-                    // Email-based unsubscribe
-                    if (!isValidEmail(email)) {
-                        return res.status(400).json({
-                            success: false,
-                            error: 'Invalid email format'
-                        });
-                    }
-                    const result = await req.payload.find({
-                        collection: config.subscribersSlug || 'subscribers',
-                        where: {
-                            email: {
-                                equals: email.toLowerCase()
-                            }
-                        }
-                    });
-                    if (result.docs.length === 0) {
-                        // Don't reveal if email exists or not
-                        return res.json({
-                            success: true,
-                            message: 'If this email was subscribed, it has been unsubscribed.'
-                        });
-                    }
-                    subscriber = result.docs[0];
-                }
-                if (!subscriber) {
-                    return res.json({
-                        success: true,
-                        message: 'If this email was subscribed, it has been unsubscribed.'
-                    });
-                }
-                // Check if already unsubscribed
-                if (subscriber.subscriptionStatus === 'unsubscribed') {
-                    return res.json({
-                        success: true,
-                        message: 'Already unsubscribed'
-                    });
-                }
-                // Update subscription status - use synthetic user to ensure proper access
-                await req.payload.update({
-                    collection: config.subscribersSlug || 'subscribers',
-                    id: subscriber.id,
-                    data: {
-                        subscriptionStatus: 'unsubscribed',
-                        unsubscribedAt: new Date().toISOString()
-                    },
-                    overrideAccess: false,
-                    user: {
-                        collection: 'subscribers',
-                        id: subscriber.id,
-                        email: subscriber.email
-                    }
-                });
-                res.json({
-                    success: true,
-                    message: 'Successfully unsubscribed'
-                });
-            } catch (error) {
-                console.error('Unsubscribe error:', error);
-                res.status(500).json({
-                    success: false,
-                    error: 'Failed to unsubscribe. Please try again.'
-                });
-            }
-        }
-    };
-};
-
-//# sourceMappingURL=unsubscribe.js.map

package/dist/src/endpoints/unsubscribe.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/endpoints/unsubscribe.ts"],"sourcesContent":["import type { Endpoint, PayloadHandler } from 'payload'\nimport type { NewsletterPluginConfig } from '../types'\nimport { isValidEmail } from '../utils/validation'\n\nexport const createUnsubscribeEndpoint = (\n  config: NewsletterPluginConfig\n): Endpoint => {\n  return {\n    path: '/newsletter/unsubscribe',\n    method: 'post',\n    handler: (async (req: any, res: any) => {\n      try {\n        const { email, token } = req.body\n\n        // Two methods: email or token\n        if (!email && !token) {\n          return res.status(400).json({\n            success: false,\n            error: 'Email or token is required',\n          })\n        }\n\n        let subscriber\n\n        if (token) {\n          // Token-based unsubscribe (from email link)\n          try {\n            const jwt = await import('jsonwebtoken')\n            const payload = jwt.verify(\n              token,\n              process.env.JWT_SECRET || process.env.PAYLOAD_SECRET || ''\n            ) as any\n\n            if (payload.type !== 'unsubscribe') {\n              throw new Error('Invalid token type')\n            }\n\n            // Token verified, so we can look up the subscriber\n            // Using overrideAccess: true here is OK since we verified the token\n            subscriber = await req.payload.findByID({\n              collection: config.subscribersSlug || 'subscribers',\n              id: payload.subscriberId,\n            })\n          } catch {\n            return res.status(401).json({\n              success: false,\n              error: 'Invalid or expired unsubscribe link',\n            })\n          }\n        } else {\n          // Email-based unsubscribe\n          if (!isValidEmail(email)) {\n            return res.status(400).json({\n              success: false,\n              error: 'Invalid email format',\n            })\n          }\n\n          const result = await req.payload.find({\n            collection: config.subscribersSlug || 'subscribers',\n            where: {\n              email: {\n                equals: email.toLowerCase(),\n              },\n            },\n          })\n\n          if (result.docs.length === 0) {\n            // Don't reveal if email exists or not\n            return res.json({\n              success: true,\n              message: 'If this email was subscribed, it has been unsubscribed.',\n            })\n          }\n\n          subscriber = result.docs[0]\n        }\n\n        if (!subscriber) {\n          return res.json({\n            success: true,\n            message: 'If this email was subscribed, it has been unsubscribed.',\n          })\n        }\n\n        // Check if already unsubscribed\n        if (subscriber.subscriptionStatus === 'unsubscribed') {\n          return res.json({\n            success: true,\n            message: 'Already unsubscribed',\n          })\n        }\n\n        // Update subscription status - use synthetic user to ensure proper access\n        await req.payload.update({\n          collection: config.subscribersSlug || 'subscribers',\n          id: subscriber.id,\n          data: {\n            subscriptionStatus: 'unsubscribed',\n            unsubscribedAt: new Date().toISOString(),\n          },\n          overrideAccess: false,\n          user: {\n            collection: 'subscribers',\n            id: subscriber.id,\n            email: subscriber.email,\n          },\n        })\n\n        res.json({\n          success: true,\n          message: 'Successfully unsubscribed',\n        })\n      } catch (error: unknown) {\n        console.error('Unsubscribe error:', error)\n        res.status(500).json({\n          success: false,\n          error: 'Failed to unsubscribe. Please try again.',\n        })\n      }\n    }) as PayloadHandler,\n  }\n}"],"names":["isValidEmail","createUnsubscribeEndpoint","config","path","method","handler","req","res","email","token","body","status","json","success","error","subscriber","jwt","payload","verify","process","env","JWT_SECRET","PAYLOAD_SECRET","type","Error","findByID","collection","subscribersSlug","id","subscriberId","result","find","where","equals","toLowerCase","docs","length","message","subscriptionStatus","update","data","unsubscribedAt","Date","toISOString","overrideAccess","user","console"],"mappings":"AAEA,SAASA,YAAY,QAAQ,sBAAqB;AAElD,OAAO,MAAMC,4BAA4B,CACvCC;IAEA,OAAO;QACLC,MAAM;QACNC,QAAQ;QACRC,SAAU,OAAOC,KAAUC;YACzB,IAAI;gBACF,MAAM,EAAEC,KAAK,EAAEC,KAAK,EAAE,GAAGH,IAAII,IAAI;gBAEjC,8BAA8B;gBAC9B,IAAI,CAACF,SAAS,CAACC,OAAO;oBACpB,OAAOF,IAAII,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,IAAIC;gBAEJ,IAAIN,OAAO;oBACT,4CAA4C;oBAC5C,IAAI;wBACF,MAAMO,MAAM,MAAM,MAAM,CAAC;wBACzB,MAAMC,UAAUD,IAAIE,MAAM,CACxBT,OACAU,QAAQC,GAAG,CAACC,UAAU,IAAIF,QAAQC,GAAG,CAACE,cAAc,IAAI;wBAG1D,IAAIL,QAAQM,IAAI,KAAK,eAAe;4BAClC,MAAM,IAAIC,MAAM;wBAClB;wBAEA,mDAAmD;wBACnD,oEAAoE;wBACpET,aAAa,MAAMT,IAAIW,OAAO,CAACQ,QAAQ,CAAC;4BACtCC,YAAYxB,OAAOyB,eAAe,IAAI;4BACtCC,IAAIX,QAAQY,YAAY;wBAC1B;oBACF,EAAE,OAAM;wBACN,OAAOtB,IAAII,MAAM,CAAC,KAAKC,IAAI,CAAC;4BAC1BC,SAAS;4BACTC,OAAO;wBACT;oBACF;gBACF,OAAO;oBACL,0BAA0B;oBAC1B,IAAI,CAACd,aAAaQ,QAAQ;wBACxB,OAAOD,IAAII,MAAM,CAAC,KAAKC,IAAI,CAAC;4BAC1BC,SAAS;4BACTC,OAAO;wBACT;oBACF;oBAEA,MAAMgB,SAAS,MAAMxB,IAAIW,OAAO,CAACc,IAAI,CAAC;wBACpCL,YAAYxB,OAAOyB,eAAe,IAAI;wBACtCK,OAAO;4BACLxB,OAAO;gCACLyB,QAAQzB,MAAM0B,WAAW;4BAC3B;wBACF;oBACF;oBAEA,IAAIJ,OAAOK,IAAI,CAACC,MAAM,KAAK,GAAG;wBAC5B,sCAAsC;wBACtC,OAAO7B,IAAIK,IAAI,CAAC;4BACdC,SAAS;4BACTwB,SAAS;wBACX;oBACF;oBAEAtB,aAAae,OAAOK,IAAI,CAAC,EAAE;gBAC7B;gBAEA,IAAI,CAACpB,YAAY;oBACf,OAAOR,IAAIK,IAAI,CAAC;wBACdC,SAAS;wBACTwB,SAAS;oBACX;gBACF;gBAEA,gCAAgC;gBAChC,IAAItB,WAAWuB,kBAAkB,KAAK,gBAAgB;oBACpD,OAAO/B,IAAIK,IAAI,CAAC;wBACdC,SAAS;wBACTwB,SAAS;oBACX;gBACF;gBAEA,0EAA0E;gBAC1E,MAAM/B,IAAIW,OAAO,CAACsB,MAAM,CAAC;oBACvBb,YAAYxB,OAAOyB,eAAe,IAAI;oBACtCC,IAAIb,WAAWa,EAAE;oBACjBY,MAAM;wBACJF,oBAAoB;wBACpBG,gBAAgB,IAAIC,OAAOC,WAAW;oBACxC;oBACAC,gBAAgB;oBAChBC,MAAM;wBACJnB,YAAY;wBACZE,IAAIb,WAAWa,EAAE;wBACjBpB,OAAOO,WAAWP,KAAK;oBACzB;gBACF;gBAEAD,IAAIK,IAAI,CAAC;oBACPC,SAAS;oBACTwB,SAAS;gBACX;YACF,EAAE,OAAOvB,OAAgB;gBACvBgC,QAAQhC,KAAK,CAAC,sBAAsBA;gBACpCP,IAAII,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBC,SAAS;oBACTC,OAAO;gBACT;YACF;QACF;IACF;AACF,EAAC"}

package/dist/src/endpoints/verify-magic-link.js

@@ -1,103 +0,0 @@
-import { verifyMagicLinkToken, generateSessionToken } from '../utils/jwt';
-export const createVerifyMagicLinkEndpoint = (config)=>{
-    return {
-        path: '/newsletter/verify-magic-link',
-        method: 'post',
-        handler: async (req, res)=>{
-            try {
-                const { token } = req.body;
-                if (!token) {
-                    return res.status(400).json({
-                        success: false,
-                        error: 'Token is required'
-                    });
-                }
-                // Verify the magic link token
-                let payload;
-                try {
-                    payload = verifyMagicLinkToken(token);
-                } catch (error) {
-                    return res.status(401).json({
-                        success: false,
-                        error: error instanceof Error ? error.message : 'Invalid token'
-                    });
-                }
-                // Find the subscriber - token verified so we can use admin access for initial lookup
-                const subscriber = await req.payload.findByID({
-                    collection: config.subscribersSlug || 'subscribers',
-                    id: payload.subscriberId
-                });
-                if (!subscriber) {
-                    return res.status(404).json({
-                        success: false,
-                        error: 'Subscriber not found'
-                    });
-                }
-                // Check if email matches
-                if (subscriber.email !== payload.email) {
-                    return res.status(401).json({
-                        success: false,
-                        error: 'Invalid token'
-                    });
-                }
-                // Check if subscriber is active
-                if (subscriber.subscriptionStatus === 'unsubscribed') {
-                    return res.status(403).json({
-                        success: false,
-                        error: 'This email has been unsubscribed'
-                    });
-                }
-                // Create synthetic user for subscriber operations
-                const syntheticUser = {
-                    collection: 'subscribers',
-                    id: subscriber.id,
-                    email: subscriber.email
-                };
-                // Update subscription status if pending
-                if (subscriber.subscriptionStatus === 'pending') {
-                    await req.payload.update({
-                        collection: config.subscribersSlug || 'subscribers',
-                        id: subscriber.id,
-                        data: {
-                            subscriptionStatus: 'active'
-                        },
-                        overrideAccess: false,
-                        user: syntheticUser
-                    });
-                }
-                // Clear the magic link token
-                await req.payload.update({
-                    collection: config.subscribersSlug || 'subscribers',
-                    id: subscriber.id,
-                    data: {
-                        magicLinkToken: null,
-                        magicLinkTokenExpiry: null
-                    },
-                    overrideAccess: false,
-                    user: syntheticUser
-                });
-                // Generate session token
-                const sessionToken = generateSessionToken(String(subscriber.id), subscriber.email);
-                res.json({
-                    success: true,
-                    sessionToken,
-                    subscriber: {
-                        id: subscriber.id,
-                        email: subscriber.email,
-                        name: subscriber.name,
-                        locale: subscriber.locale,
-                        emailPreferences: subscriber.emailPreferences
-                    }
-                });
-            } catch (error) {
-                console.error('Verify magic link error:', error);
-                res.status(500).json({
-                    success: false,
-                    error: 'Failed to verify magic link'
-                });
-            }
-        }
-    };
-};
-
-//# sourceMappingURL=verify-magic-link.js.map

package/dist/src/endpoints/verify-magic-link.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/endpoints/verify-magic-link.ts"],"sourcesContent":["import type { Endpoint, PayloadHandler } from 'payload'\nimport type { NewsletterPluginConfig } from '../types'\nimport { \n  verifyMagicLinkToken, \n  generateSessionToken \n} from '../utils/jwt'\n\nexport const createVerifyMagicLinkEndpoint = (\n  config: NewsletterPluginConfig\n): Endpoint => {\n  return {\n    path: '/newsletter/verify-magic-link',\n    method: 'post',\n    handler: (async (req: any, res: any) => {\n      try {\n        const { token } = req.body\n\n        if (!token) {\n          return res.status(400).json({\n            success: false,\n            error: 'Token is required',\n          })\n        }\n\n        // Verify the magic link token\n        let payload\n        try {\n          payload = verifyMagicLinkToken(token)\n        } catch (error: unknown) {\n          return res.status(401).json({\n            success: false,\n            error: error instanceof Error ? error.message : 'Invalid token',\n          })\n        }\n\n        // Find the subscriber - token verified so we can use admin access for initial lookup\n        const subscriber = await req.payload.findByID({\n          collection: config.subscribersSlug || 'subscribers',\n          id: payload.subscriberId,\n          // Keep overrideAccess: true for token verification\n        })\n\n        if (!subscriber) {\n          return res.status(404).json({\n            success: false,\n            error: 'Subscriber not found',\n          })\n        }\n\n        // Check if email matches\n        if (subscriber.email !== payload.email) {\n          return res.status(401).json({\n            success: false,\n            error: 'Invalid token',\n          })\n        }\n\n        // Check if subscriber is active\n        if (subscriber.subscriptionStatus === 'unsubscribed') {\n          return res.status(403).json({\n            success: false,\n            error: 'This email has been unsubscribed',\n          })\n        }\n\n        // Create synthetic user for subscriber operations\n        const syntheticUser = {\n          collection: 'subscribers',\n          id: subscriber.id,\n          email: subscriber.email,\n        }\n\n        // Update subscription status if pending\n        if (subscriber.subscriptionStatus === 'pending') {\n          await req.payload.update({\n            collection: config.subscribersSlug || 'subscribers',\n            id: subscriber.id,\n            data: {\n              subscriptionStatus: 'active',\n            },\n            overrideAccess: false,\n            user: syntheticUser,\n          })\n        }\n\n        // Clear the magic link token\n        await req.payload.update({\n          collection: config.subscribersSlug || 'subscribers',\n          id: subscriber.id,\n          data: {\n            magicLinkToken: null,\n            magicLinkTokenExpiry: null,\n          },\n          overrideAccess: false,\n          user: syntheticUser,\n        })\n\n        // Generate session token\n        const sessionToken = generateSessionToken(\n          String(subscriber.id),\n          subscriber.email\n        )\n\n        res.json({\n          success: true,\n          sessionToken,\n          subscriber: {\n            id: subscriber.id,\n            email: subscriber.email,\n            name: subscriber.name,\n            locale: subscriber.locale,\n            emailPreferences: subscriber.emailPreferences,\n          },\n        })\n      } catch (error: unknown) {\n        console.error('Verify magic link error:', error)\n        res.status(500).json({\n          success: false,\n          error: 'Failed to verify magic link',\n        })\n      }\n    }) as PayloadHandler,\n  }\n}"],"names":["verifyMagicLinkToken","generateSessionToken","createVerifyMagicLinkEndpoint","config","path","method","handler","req","res","token","body","status","json","success","error","payload","Error","message","subscriber","findByID","collection","subscribersSlug","id","subscriberId","email","subscriptionStatus","syntheticUser","update","data","overrideAccess","user","magicLinkToken","magicLinkTokenExpiry","sessionToken","String","name","locale","emailPreferences","console"],"mappings":"AAEA,SACEA,oBAAoB,EACpBC,oBAAoB,QACf,eAAc;AAErB,OAAO,MAAMC,gCAAgC,CAC3CC;IAEA,OAAO;QACLC,MAAM;QACNC,QAAQ;QACRC,SAAU,OAAOC,KAAUC;YACzB,IAAI;gBACF,MAAM,EAAEC,KAAK,EAAE,GAAGF,IAAIG,IAAI;gBAE1B,IAAI,CAACD,OAAO;oBACV,OAAOD,IAAIG,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,8BAA8B;gBAC9B,IAAIC;gBACJ,IAAI;oBACFA,UAAUf,qBAAqBS;gBACjC,EAAE,OAAOK,OAAgB;oBACvB,OAAON,IAAIG,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAOA,iBAAiBE,QAAQF,MAAMG,OAAO,GAAG;oBAClD;gBACF;gBAEA,qFAAqF;gBACrF,MAAMC,aAAa,MAAMX,IAAIQ,OAAO,CAACI,QAAQ,CAAC;oBAC5CC,YAAYjB,OAAOkB,eAAe,IAAI;oBACtCC,IAAIP,QAAQQ,YAAY;gBAE1B;gBAEA,IAAI,CAACL,YAAY;oBACf,OAAOV,IAAIG,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,yBAAyB;gBACzB,IAAII,WAAWM,KAAK,KAAKT,QAAQS,KAAK,EAAE;oBACtC,OAAOhB,IAAIG,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,gCAAgC;gBAChC,IAAII,WAAWO,kBAAkB,KAAK,gBAAgB;oBACpD,OAAOjB,IAAIG,MAAM,CAAC,KAAKC,IAAI,CAAC;wBAC1BC,SAAS;wBACTC,OAAO;oBACT;gBACF;gBAEA,kDAAkD;gBAClD,MAAMY,gBAAgB;oBACpBN,YAAY;oBACZE,IAAIJ,WAAWI,EAAE;oBACjBE,OAAON,WAAWM,KAAK;gBACzB;gBAEA,wCAAwC;gBACxC,IAAIN,WAAWO,kBAAkB,KAAK,WAAW;oBAC/C,MAAMlB,IAAIQ,OAAO,CAACY,MAAM,CAAC;wBACvBP,YAAYjB,OAAOkB,eAAe,IAAI;wBACtCC,IAAIJ,WAAWI,EAAE;wBACjBM,MAAM;4BACJH,oBAAoB;wBACtB;wBACAI,gBAAgB;wBAChBC,MAAMJ;oBACR;gBACF;gBAEA,6BAA6B;gBAC7B,MAAMnB,IAAIQ,OAAO,CAACY,MAAM,CAAC;oBACvBP,YAAYjB,OAAOkB,eAAe,IAAI;oBACtCC,IAAIJ,WAAWI,EAAE;oBACjBM,MAAM;wBACJG,gBAAgB;wBAChBC,sBAAsB;oBACxB;oBACAH,gBAAgB;oBAChBC,MAAMJ;gBACR;gBAEA,yBAAyB;gBACzB,MAAMO,eAAehC,qBACnBiC,OAAOhB,WAAWI,EAAE,GACpBJ,WAAWM,KAAK;gBAGlBhB,IAAII,IAAI,CAAC;oBACPC,SAAS;oBACToB;oBACAf,YAAY;wBACVI,IAAIJ,WAAWI,EAAE;wBACjBE,OAAON,WAAWM,KAAK;wBACvBW,MAAMjB,WAAWiB,IAAI;wBACrBC,QAAQlB,WAAWkB,MAAM;wBACzBC,kBAAkBnB,WAAWmB,gBAAgB;oBAC/C;gBACF;YACF,EAAE,OAAOvB,OAAgB;gBACvBwB,QAAQxB,KAAK,CAAC,4BAA4BA;gBAC1CN,IAAIG,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBC,SAAS;oBACTC,OAAO;gBACT;YACF;QACF;IACF;AACF,EAAC"}

package/dist/src/exports/client.js

@@ -1,7 +0,0 @@
-'use client';
-// React components
-export { NewsletterForm, createNewsletterForm, PreferencesForm, createPreferencesForm, MagicLinkVerify, createMagicLinkVerify } from '../components';
-// Hooks
-export { useNewsletterAuth } from '../hooks/useNewsletterAuth';
-
-//# sourceMappingURL=client.js.map

package/dist/src/exports/client.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/exports/client.ts"],"sourcesContent":["'use client'\n\n// React components\nexport { \n  NewsletterForm, \n  createNewsletterForm,\n  PreferencesForm,\n  createPreferencesForm,\n  MagicLinkVerify,\n  createMagicLinkVerify,\n} from '../components'\n\n// Hooks\nexport { useNewsletterAuth } from '../hooks/useNewsletterAuth'\n\n// Types for client-side use\nexport type {\n  SignupFormProps,\n  PreferencesFormProps,\n  Subscriber,\n} from '../types'\n\nexport type {\n  MagicLinkVerifyProps,\n} from '../components'\n\nexport type {\n  UseNewsletterAuthOptions,\n  UseNewsletterAuthReturn,\n} from '../hooks/useNewsletterAuth'"],"names":["NewsletterForm","createNewsletterForm","PreferencesForm","createPreferencesForm","MagicLinkVerify","createMagicLinkVerify","useNewsletterAuth"],"mappings":"AAAA;AAEA,mBAAmB;AACnB,SACEA,cAAc,EACdC,oBAAoB,EACpBC,eAAe,EACfC,qBAAqB,EACrBC,eAAe,EACfC,qBAAqB,QAChB,gBAAe;AAEtB,QAAQ;AACR,SAASC,iBAAiB,QAAQ,6BAA4B"}

package/dist/src/exports/components.js

@@ -1,6 +0,0 @@
-'use client';
-// Re-export all components from the client export
-// This allows users to import directly from @payloadcms/plugin-newsletter/components
-export * from './client';
-
-//# sourceMappingURL=components.js.map

package/dist/src/exports/components.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/exports/components.ts"],"sourcesContent":["'use client'\n\n// Re-export all components from the client export\n// This allows users to import directly from @payloadcms/plugin-newsletter/components\nexport * from './client'"],"names":[],"mappings":"AAAA;AAEA,kDAAkD;AAClD,qFAAqF;AACrF,cAAc,WAAU"}

package/dist/src/exports/types.js

@@ -1,3 +0,0 @@
-export * from '../types';
-
-//# sourceMappingURL=types.js.map

package/dist/src/exports/types.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/exports/types.ts"],"sourcesContent":["export * from '../types'"],"names":[],"mappings":"AAAA,cAAc,WAAU"}